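# Login form, credential check and logout.
#
# +logged_in_user+, +session_login+, +log_in+ and +log_out+ are defined outside
# this file. NOTE(review): presumably +logged_in_user+ enforces authentication
# and +session_login+ deals with visitors who already hold a session -- confirm
# against ApplicationController / the sessions helper.
class SessionsController < ApplicationController
  skip_before_action :logged_in_user
  before_action :session_login, except: [:destroy]
  layout 'login'

  # Renders the login form (implicit render of the +new+ template).
  def new; end

  # Checks the submitted credentials and either starts a session or
  # re-renders the form with an error.
  #
  # Reads +params[:session][:username]+ and +params[:session][:password]+.
  def create
    credentials = params[:session]
    # A request without a well-formed session[...] hash (missing, or sent as a
    # scalar/array) must end as a failed login, not as an exception and a 500.
    credentials = {} unless credentials.respond_to?(:key?)
    username = credentials[:username].to_s.downcase
    password = credentials[:password].to_s

    user = User.find_by(username: username)
    # NOTE(review): when no user matches, +authenticate+ is never called, so the
    # response time may differ between known and unknown usernames. Consider a
    # uniform-time lookup and login throttling if that matters for this app.
    if user&.authenticate(password)
      # Discard the pre-login session so an identifier planted before
      # authentication cannot be reused afterwards (session fixation).
      # Harmless if +log_in+ already does this -- TODO confirm it does not
      # depend on data stored in the anonymous session.
      reset_session
      log_in user

      redirect_to root_url
    else
      # One message for both "unknown user" and "wrong password", so the form
      # does not reveal which usernames exist.
      # flash.now, not flash: this branch renders instead of redirecting, and a
      # plain flash entry would also be shown on the following request.
      flash.now[:danger] = '用户名密码错误'
      render 'new'
    end
  end

  # Ends the current session and returns to the root page.
  # NOTE(review): make sure the route for this action is not reachable via GET,
  # so a logout cannot be triggered by a plain link or image tag.
  def destroy
    log_out
    redirect_to root_url
  end
end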
